Messing around with Shodan again, its addictive! Found some issues via the recent searches. I didn’t find these, just saw the searches already performed and verified the defaults using vendor web sites:
3com OfficeConnect VPN Firewall has a default password and is nice enough to tell you when you connect! Kind a defeats the purpose of a security device….
The VMAX Web Viewer (identify via “Server: Boa/0.94.13”) by Digital Watchdog has the manual online showing the default account of ‘admin’ has no password.
The CudaTel Communications Server has a default account of ‘admin’ and a default password of ‘admin’.
ZyWall Firewalls have a default password of ‘1234’ for the Web Configurator. Even if the password is changed, the system sends the default in the first login connection.
While verifying that default i saw the MultiTech RouteFinder Internet Security Appliance (model RF850 and RF860 and probably more) have a default account of ‘admin’ and default password of ‘admin’.
The SonicWall TZ Series firewalls have a default account of ‘admin’ and a default password of ‘password’.
Leave a comment